Make "attach" and "exec" rejection in proxy more explicit

The more explicit regular expression for rejection makes a possibility of accessing pods (or any other resources) which contain "attach" or "exec" in their names via proxy API. It was not possible before. Also, the reference for "run" resource was removed, because it doesn't exist in any of k8s APIs currently. Fixes: #21464
2016-07-11 10:16:09 +02:00
parent 63bb2810d2
commit 3ed9768a51
2 changed files with 32 additions and 5 deletions
--- a/pkg/kubectl/proxy_server_test.go
+++ b/pkg/kubectl/proxy_server_test.go
@@ -62,7 +62,34 @@ func TestAccept(t *testing.T) {
 			acceptPaths:  DefaultPathAcceptRE,
 			rejectPaths:  DefaultPathRejectRE,
 			acceptHosts:  DefaultHostAcceptRE,
-			path:         "/api/v1/pods/foo/exec",
+			path:         "/api/v1/namespaces/default/pods/foo",
+			host:         "localhost",
+			method:       "GET",
+			expectAccept: true,
+		},
+		{
+			acceptPaths:  DefaultPathAcceptRE,
+			rejectPaths:  DefaultPathRejectRE,
+			acceptHosts:  DefaultHostAcceptRE,
+			path:         "/api/v1/namespaces/default/pods/attachfoo",
+			host:         "localhost",
+			method:       "GET",
+			expectAccept: true,
+		},
+		{
+			acceptPaths:  DefaultPathAcceptRE,
+			rejectPaths:  DefaultPathRejectRE,
+			acceptHosts:  DefaultHostAcceptRE,
+			path:         "/api/v1/namespaces/default/pods/execfoo",
+			host:         "localhost",
+			method:       "GET",
+			expectAccept: true,
+		},
+		{
+			acceptPaths:  DefaultPathAcceptRE,
+			rejectPaths:  DefaultPathRejectRE,
+			acceptHosts:  DefaultHostAcceptRE,
+			path:         "/api/v1/namespaces/default/pods/foo/exec",
 			host:         "127.0.0.1",
 			method:       "GET",
 			expectAccept: false,
@@ -71,7 +98,7 @@ func TestAccept(t *testing.T) {
 			acceptPaths:  DefaultPathAcceptRE,
 			rejectPaths:  DefaultPathRejectRE,
 			acceptHosts:  DefaultHostAcceptRE,
-			path:         "/api/v1/pods/foo/attach",
+			path:         "/api/v1/namespaces/default/pods/foo/attach",
 			host:         "127.0.0.1",
 			method:       "GET",
 			expectAccept: false,
@@ -125,7 +152,7 @@ func TestAccept(t *testing.T) {
 			acceptPaths:  DefaultPathAcceptRE,
 			rejectPaths:  DefaultPathRejectRE,
 			acceptHosts:  DefaultHostAcceptRE,
-			path:         "/api/v1/pods/somepod",
+			path:         "/api/v1/namespaces/default/pods/somepod",
 			host:         "localhost",
 			method:       "PUT",
 			expectAccept: false,
@@ -134,7 +161,7 @@ func TestAccept(t *testing.T) {
 			acceptPaths:  DefaultPathAcceptRE,
 			rejectPaths:  DefaultPathRejectRE,
 			acceptHosts:  DefaultHostAcceptRE,
-			path:         "/api/v1/pods/somepod",
+			path:         "/api/v1/namespaces/default/pods/somepod",
 			host:         "localhost",
 			method:       "PATCH",
 			expectAccept: false,